[sylpheed:34950] Re: accountrc windows

Hiroyuki Yamamoto hiro-y at kcn.ne.jp
Wed Dec 14 17:53:41 JST 2011


On Sun, 11 Dec 2011 23:30:44 +0200
Cristian Secară <liste at secarica.ro> wrote:

> On Sat, 10 Dec 2011 17:59:38 +0100, Tom Wiles wrote:
> > Now, if someone for some reason gains a read access to a windows
> > machine would be able to read all email password.

Because of this, the account setup dialog doesn't let users enter
password when creating an account since 3.0.

> Normally Sylpheed stores the user data under the user account
> directory. While your concern makes sense, a normal user gaining "a
> read access to a windows machine" does not automatically has read
> permissions under your user files, except if logged as you, or as
> administrator, or as some user configured with elevated access.
> Other thing, with the passwords either visible or somehow hidden, I
> don't see any difference. If the password is [either way] stored, I
> suppose that means the application is configured in "remember password"
> mode when fetching mail, so if someone launches Sylpheed while logged
> on your account, it will simply read any mail, no need to know any
> password.
> IMO this discussion may have sense only when combined to some master
> password when opening the program.

I have created an issue about master password, which I have thought of
for some time, on the Sylpheed BTS.


Please feel free to discuss the specs and the implementation.

Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>

More information about the Sylpheed mailing list